Disabling input elements in a CakePHP form that us

I have a form in CakePHP that has two live-search text input. Each one of them updates the value of a hidden field when the user selects a result. The model is called Record, and the attributes involved are

budget_id
program_id
concept_id

I have created a form using the FormHelper in this way:

...
<?php echo $this->Form->create('Record') ?>
<h1>Create a record</h1>

<?php echo $this->Form->hidden('Record.budget_id', array('value' => $budget['Budget']['id'])) ?>

<?php echo $this->Form->hidden('Record.program_id') ?>
<?php echo $this->Form->input('Record.program_id_search', array(...)) ?>

<?php echo $this->Form->hidden('Record.concept_id') ?>
<?php echo $this->Form->input('Record.concept_id_search', array(...)) ?>

<?php echo $this->Form->submit('Send') ?>
<?php echo $this->Form->end(); ?>
...

As you can see, the input fields that store the model attributes are hidden. The live-search boxes are configured with the jQuery's autocomplete plugin.

Following the CakePHP manual recommendations I have disabled the two extra fields in beforeFilter method, so that the Security component ignores them and the form passes validation:

public function beforeFilter() {
  $this->Security->disabledFields = array(
    'Record.program_id_search',
    'Record.concept_id_search',
  );
}

It seems that CakePHP gets angry whenever I change the value of hidden inputs from Javascript and it sends me to the blackhole method. That's OK according to documentation.

But what surprises me is that the Security component keeps ignoring my disabledFields settings.

I've been searching in several web sources and everybody point to the disabledFields options. But it does not work for me.

Any suggestions?

Thanks!!

UPDATE

I have found a workaround but it's really really ugly. I have replaced the hidden input fields with regular select fields, but setting the CSS display property as none.

This way the Security component does not complain anymore, and the user keeps viewing a couple of live-search boxes.

I don't understand why changing a select with Javascript it's ok, but changing a hidden input not.

回答1:

It happens because the Security Component locks the hidden fields, saving in the hash not just their name but also their value. Therefore when you change their value, you make the whole form invalid. The only solution is to switch those fields from hidden to normal field, wrapped inside a display:none; div.

Another way would be to disable the checks on that field, but the code you posted isn't the right way to do it. You should instead specify the fields during the configuration of the component, like this:

var $components = array('Security' => array(
    'blackHoleCallback' => 'callback',
    'requireAuth' => array('action1', 'action2'),
    'allowedControllers' => array('controller'),
    'allowedActions' => array('action1', 'action2'),
    'disabledFields' => array('Record.program_id_search', 'Record.concept_id_search')
    )
);

回答2:

An easier way to have solved this that I just discovered would have been to add 'secure' => false to your input's attribute array. This prevents them from being added to the secure fields list.